Skip to main content

NVIDIA NeMoClaw CVE-2026-24222

| EUVDEUVD-2026-26079 HIGH
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-04-28 nvidia
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 20:01 vuln.today
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26079
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
CVE Published
Apr 28, 2026 - 17:46 nvd
HIGH 8.6

DescriptionCVE.org

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.

AnalysisAI

Remote unauthenticated attackers can exfiltrate sensitive host environment variables from NVIDIA NeMoClaw by injecting malicious prompts that bypass sandbox access controls. The vulnerability affects the sandbox initialization component and enables information disclosure without requiring any authentication or user interaction (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). Cross-scope impact (S:C) indicates the attack breaks out of the intended sandbox boundary to access host-level secrets. EPSS and KEV status not available; this appears to be a recently disclosed AI/LLM agent security issue.

Technical ContextAI

NeMoClaw is an NVIDIA AI agent framework that uses sandbox environments to isolate agent execution. The vulnerability (CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere) occurs during sandbox initialization when environment variables from the host system are not properly restricted or filtered. Prompt injection attacks exploit the AI agent's instruction-following behavior to execute unintended commands - in this case, reading and transmitting environment variables that should remain isolated within the sandbox boundary. The affected CPE (cpe:2.3:a:nvidia:nemoclaw:*:*:*:*:*:*:*:*) indicates all currently released versions are vulnerable. This represents an emerging class of AI security vulnerabilities where natural language inputs bypass traditional access controls by manipulating the semantic layer rather than exploiting memory corruption or logic flaws.

RemediationAI

Consult the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5837 for official patch availability and upgrade instructions. Until a vendor patch is applied, implement these compensating controls: (1) Remove all sensitive credentials and secrets from environment variables accessible to the NeMoClaw sandbox - use secure secret management services (HashiCorp Vault, AWS Secrets Manager) with runtime injection instead. Trade-off: requires application refactoring. (2) Implement strict input validation and sanitization on all prompts before passing to the agent, filtering for common injection patterns (system commands, file access attempts, variable expansion syntax). Trade-off: may break legitimate use cases requiring dynamic prompting. (3) Deploy NeMoClaw in network-isolated environments with no internet access and restrict to processing only pre-validated, trusted content. Trade-off: limits agent functionality and integration capabilities. (4) Enable comprehensive logging of all agent inputs and outputs to detect exfiltration attempts via outbound connections or encoded responses. Trade-off: performance overhead and storage costs. None of these mitigations fully prevent exploitation; patching is the only complete solution.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2026-24222 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy